Personal Data Protection Policy

Joint Action EUnetCCC considers the security of personal data a top priority. This Privacy Policy explains, at a practical level, what personal data the public website and member Portal process, what it is used for, and which systems are involved. By browsing the public site, signing in to the member Portal, submitting workflows, using support features, or uploading files, you acknowledge that this processing may take place for specific operational, administrative, and legal purposes.

Personal Data

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (IP address, email, etc.), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

This Policy does not apply to the processing of personal data related to legal entities, including companies established as legal persons. This includes the name, legal form, and contact details of the legal person.

"Processing of personal data" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

The Portal processes personal data when you sign in, use member features, submit Certification and centre-related workflows, create support tickets or suggestions, submit form data, or upload files and documents. Depending on the service used, this may include your name, email address, role, centre affiliation, workflow content, comments, uploaded files, file metadata, and related account or session data.

To operate the Portal, EUnetCCC currently uses Sitecore Identity and Sitecore user APIs for authentication and account handling, MongoDB for Portal and workflow records, Azure SQL for notifications, tickets, and suggestions, Azure Blob Storage for uploaded files, SendGrid for transactional email delivery, Azure Service Bus for certain notification integrations, and a separate forms service for some form flows. The public website also uses Google Tag Manager and may enable Google Analytics only after you consent through the cookie controls. Additional information about cookies and analytics is available in the Cookie Policy.

We use this data to authenticate users, manage access rights, associate users with centres and roles, run Certification and centre-registration workflows, record submissions and review activity, deliver notifications and transactional emails, operate support and suggestion processes, and store or serve uploaded files needed for these services.

Some technical data has built-in expiry. For example, member sessions expire after approximately 14 hours and certain edit-lock records expire after 30 minutes of inactivity. Other operational records such as workflow submissions, support records, suggestions, notifications, and uploaded files are retained until they are deleted, replaced, or removed through application or administrative processes, subject to operational and legal requirements.

The Portal uses essential authentication cookies to support sign-in and core member functions. Optional analytics cookies are not enabled until consent has been recorded, and users can later review or withdraw that consent through the cookie controls on this site.

Our website may contain hyperlinks that redirect to third-party websites. These websites are not monitored by EUnetCCC, and therefore, we cannot guarantee that their privacy policies are aligned with ours. We recommend reviewing the privacy policies and terms of use of those external websites carefully.

Regarding the protection of your personal data, you have the following rights:

• The right to access your personal data
• The right to rectify inaccurate or incomplete personal data
• The right to erase your personal data (right to be forgotten)
• The right to restrict the processing of your personal data
• The right to data portability
• The right to object to the processing of your personal data

Updates to Privacy Policy

We may update this Privacy Policy from time to time. You will be notified of any significant changes by posting the updated Privacy Policy on this page. We encourage you to review this Privacy Policy periodically to stay informed of any updates. Changes take effect as soon as they are posted on this page.

For any further clarification, you may contact EUnetCCC by sending an email to Coordination team or Communication team